[Mimedefang] Virus statistics (was: One that the default filter missed...)
David F. Skoll
dfs at roaringpenguin.com
Fri May 24 15:10:29 EDT 2002
On Fri, 24 May 2002, Michael D. Sofka wrote:
> I have also
> placed a copy of the report I prepared based on a few weeks of data
> gathering (viruses.pdf).
And you used pdfLaTeX to make it. :-) Man after my own heart...
One question: Why don't you just block all executables as in the
latest (2.12) sample filter? I expect then that MD would have caught
99.9% of everything that was caught by Sophos. Your point about .doc
and .xls is well taken; however, I think Word and Excel are not as
widely deployed as Windows itself (especially for home users), so such
viruses would propagate more slowly.
Is there a legitimate reason for allowing .pif/.exe/.scr/etc files
to travel by e-mail?
> Finally, you will note this is MIMEDefang 2.3. Since upgrading will
> require a new compile of sendmail,
Actually, not really; MD 2.12 should still work fine with Sendmail
8.11, althought it's not recommended.
> I'm still waiting to read how CitiBank handles 1.5 million emails a day...
Me too. You can bet your bottom dollar they don't exec a virus scanner
for each message. I'm guessing they either filter based solely on
filename, or use a daemonized virus-scanner which stays resident. And I
bet they use a cluster of machines. Please let us know... :-)
--
David.
More information about the MIMEDefang
mailing list